Computer Crime Research Center

Phishing gets enhanced

Phishing attacks are getting harder to spot as cybercriminals become increasingly skilled at disguising their fraudulent Web sites.

Phishers are becoming increasingly sophisticated in their attempts to grab user names, passwords and other personal data from users of commercial websites, according to latest industry research.

April's report from the Anti-Phishing Working Group, published on Monday, indicates an 11 percent drop in the number of reported attacks using simple IP address domains. The overall number of reports continued its upward trend to reach 14,441 for the month, said the APWG, which compiles its report with the help of WebSense.

The decline in the number of IP-only attacks, in which users are misdirected to a site identified by a bare IP address rather than a domain name (and which is therefore less likely to deceive them), means phishers are getting better at disguising their scam attempts.

"A lot of the recent phishing sites use hijacked servers where the scam is located on the domain of a legitimate enterprise," said the APWG, adding that this technique requires the phishers to get access to the servers, typically by hacking or installing malware.

"This tactic gives the scammers the advantage of having a link that leads to a legitimate domain that cannot be blacklisted. In fact, it is likely that such a phishing message would get through a spam filter that uses ‘whitelisting’."
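The two signals above, a bare IP address in the link and a scam page hosted on a legitimate domain, behave very differently in a URL filter. The following Python triage routine is an added illustration, not code from the APWG or WebSense: it flags IP-literal hosts (the kind of attack the report says is in decline) and then shows why a domain-only whitelist waves through a phishing page planted on a trusted domain, leaving only the path as a hint. The sample URLs, the `TRUSTED_DOMAINS` set and the `LOGIN_LIKE_TOKENS` keyword list are all constructed for the example.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample URLs for illustration; none come from the APWG report.
SAMPLE_URLS = [
    "http://192.0.2.10/login/update.html",            # raw IPv4 host
    "http://[2001:db8::1]/secure/",                   # raw IPv6 host
    "http://example.com/~user/bank-login/index.php",  # scam page on a trusted domain
    "https://example.com/",                           # the trusted site itself
]

# Hypothetical domain whitelist, as a spam filter might keep it.
TRUSTED_DOMAINS = {"example.com"}

# Path fragments that commonly appear on credential-harvesting pages (assumed list).
LOGIN_LIKE_TOKENS = ("login", "signin", "secure", "update", "account", "bank")


def host_is_ip_literal(host: str) -> bool:
    """True when the host is a bare IPv4 or IPv6 address rather than a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage_url(url: str) -> dict:
    """Classify one URL using the two signals discussed in the article."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    ip_literal = host_is_ip_literal(host)
    # A domain-only whitelist never sees the path, so a hijacked trusted host passes.
    on_whitelist = (not ip_literal) and host in TRUSTED_DOMAINS
    path_tokens = [t for t in LOGIN_LIKE_TOKENS if t in parts.path.lower()]

    if ip_literal:
        verdict = "flag"      # IP-only attack: cheap to detect from the link alone
    elif on_whitelist and path_tokens:
        verdict = "review"    # whitelist passed it; only the path hints at a problem
    elif on_whitelist:
        verdict = "allow"
    else:
        verdict = "unknown"

    return {
        "host": host,
        "ip_literal": ip_literal,
        "on_whitelist": on_whitelist,
        "path_tokens": path_tokens,
        "verdict": verdict,
    }


def run_triage(urls=SAMPLE_URLS) -> list:
    """Triage a batch of URLs and return one result dict per URL."""
    return [triage_url(u) for u in urls]


if __name__ == "__main__":
    for r in run_triage():
        print(f"{r['verdict']:8} {r['host']:20} tokens={r['path_tokens']}")
```

The third sample is the case the APWG describes: the host is on the whitelist, so a filter keyed on domain alone allows it, and the only remaining clue is the login-like path, which is why content or path inspection has to back up domain reputation.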

The number of brands targeted stayed the same from March to April, though there was significant churn within this group, with 11 brands being replaced. "The visible trend is that there is a consistent set of favourite brands targeted by phishers combined with an ever-changing tail of brands in the broader market," said the APWG.

"Brands in the favourites list tend to remain for a long time -- most of the big names are here -- and the ones in the tail frequently change." This separation has its logic, said the group: while some of the scammers count on the popularity of some brands to generate more hits to the phishing site (the ones in the favourites list), others try to scam the customers of companies that had not experienced the phenomenon so far, and are presumably less experienced in exposing phishing.

Financial services companies continued to be by far the most targeted industry sector, accounting for 84 percent of reported phishing attacks in April. ISPs accounted for 11 percent, followed by retail companies.

The APWG also said it had recorded a rise in 'man-in-the-middle' phishing attacks. This type of attack relies on some knowledge of the way a given legitimate site processes logins. Given such knowledge, a scammer can build a site that acts as a 'front end' mask for the legitimate login site – it would return an error message when incorrect login data is passed, for example.